external IP address unavailable after openvswitch starts

asked 2016-02-23 22:55:27 +0300

JohnF gravatar image

updated 2016-02-24 22:04:24 +0300

I seem to be having an issue with getting openvswitch configured properly. I am able to setup the OVS bridges br-tun and br-int with no issue and I can ping both the local IP ( and the other vxlan endpoint ( with no issue. However once I start the agent the IPs stop responding. The only way I can recover is to stop the agent and remove/readd br-tun.

When I start the agent the vxlan tunnel is created does not seem to work. The other end is a Centos 7.2 Liberty setup and I have successfully run another Centos 7.2 compute node using OVS and vxlan...

Here is the ovs-vsctl show:

C:\Users\Administrator>ovs-vsctl show
    Bridge br-tun
        Port patch-int
            Interface patch-int
                type: patch
                options: {peer=patch-tun}
        Port br-tun
            Interface br-tun
                type: internal
        Port "external.1"
            Interface "external.1"
        Port "vxlan-0a000223"
            Interface "vxlan-0a000223"
                type: vxlan
                options: {df_default="true", dst_port="8472", in_key=flow, local_ip="", out
_key=flow, remote_ip=""}
        Port internal
            Interface internal
    Bridge br-int
        fail_mode: secure
        Port patch-tun
            Interface patch-tun
                type: patch
                options: {peer=patch-int}
        Port br-int
            Interface br-int
                type: internal

I'm not sure how to continue to debug this...

Here is the OVS config:

Here is the OVS config on the server:

    bridge_mappings = public:public-vs1
    policy_file=C:\Program Files (x86)\Cloudbase Solutions\OpenStack\Nova\etc\policy.json
    tunnel_types = vxlan
    vxlan_udp_port = 8472
    local_ip =
    tunnel_bridge = br-tun
    integration_bridge = br-int
    tenant_network_type = vxlan
    enable_tunneling = true

Other OVS information;

The only flow getting packets is fropping them:

cookie=0xa4424c7dd109bf50, duration=58.055s, table=0, npackets=51, nbytes=3821, idle_age=0, priority=0 actions=drop

C:\Users\Administrator>ovs-ofctl show br-tun
OFPT_FEATURES_REPLY (xid=0x2): dpid:00007eb58589ab4cn_tables:254, n_buffers:256
capabilities: FLOW_STATS TABLE_STATS PORT_STATS QUEUE_STATS ARP_MATCH_IP actions: output enqueue set_vlan_vid set_vlan_pcp strip_vlan mod_dl_src mod_dl_dst mod_nw_src mod_nw_dst mod_nw_tos mod_tp_src mod_tp_dst
 1(external.1): addr:00:00:00:00:00:00
     config:     PORT_DOWN
     state:      LINK_DOWN
     speed: 0 Mbps now, 0 Mbps max
 2(internal): addr:00:00:00:00:00:00
     config:     PORT_DOWN
     state:      LINK_DOWN
     speed: 0 Mbps now, 0 Mbps max
 3(patch-int): addr:02:9b:32:fb:4b:6a
     config:     0
     state:      0
     speed: 0 Mbps now, 0 Mbps max
 4(vxlan-0a000223): addr:8a:27:a8:42:66:d0
     config:     0
     state:      0
     speed: 0 Mbps now, 0 Mbps max
 5(vxlan-0a000224): addr:7e:29:aa:d4:1d:b6
     config:     0
     state:      0
     speed: 0 Mbps now, 0 Mbps max
 LOCAL(br-tun): addr:00:00:00:00:00:00
     config:     PORT_DOWN
     state:      LINK_DOWN
     speed: 0 Mbps now, 0 Mbps max
OFPT_GET_CONFIG_REPLY (xid=0x4): frags=normal miss_send_len=0

C:\Users\Administrator>ovs-vsctl list-ports br-tun

C:\Users\Administrator>ovs-vsctl list-ports br-int

C:\Users ...
If I add a flow in table 0 at priority 1 or two with an action of NORMAL I am again able to ping the other endpoints. However, that prevents the packet from reaching table 10 which should be the VXLAN learning flow (or at least that is my understanding) I'm not sure what I am missing...

JohnF ( 2016-02-25 01:45:05 +0300 )

2 answers

answered 2016-02-24 20:54:25 +0300

abalutoiu gravatar image

Hello JohnF,

Can you please try to remove the ports "internal" and "external1" from br-tun and add them inside a new bridge? You can do the following:

ovs-vsctl.exe del-port br-tun internal
ovs-vsctl.exe del-port br-tun external.1
ovs-vsctl.exe add-br br-ex
ovs-vsctl.exe add-port br-ex internal
ovs-vsctl.exe add-port br-ex external.1

Let us know if this fixes your issue.


the external interface may be a misnomer as it is the interface used for the vxlan tunnels. The public interface with internet access is a separate adapter. I added the flow and other OVS information at the end of the original post. What I seem to be seeing is packets being dropped by the flows

JohnF ( 2016-02-24 22:02:19 +0300 )

I did do as suggested. The IP address was then available but no traffic was routed over the vxlan tunnels. I have reverted to the original configuration

JohnF ( 2016-02-25 17:26:32 +0300 )

OVS 2.4 has support only for a single NIC, 2.5 will have support for multiple NICs. What exactly are you trying to achieve using multiple NICs?

abalutoiu ( 2016-02-25 22:59:08 +0300 )

There are three NICs in use. One is for 'public/internet" access. This is not used for openstack. The second is the openstack management interface also not used by OVS. The third and the one in question here for OVS is the interface to be used for vxlan bridging...

JohnF ( 2016-02-26 00:32:20 +0300 )

I'm really at a loss here. icmp traffic is blocked to the target IP, arp traffics seems blocked, dhcp requests across the xvlan tunnel do not work. I do not know where else to troubleshoot. Any help would be appreciated.

JohnF ( 2016-02-26 22:37:05 +0300 )

answered 2016-03-23 04:14:03 +0300

aserdean gravatar image

Hello John,

Sorry for the delay.

As my colleague was suggesting add a new bridge so you do not have to write your own flows.

Traffic should go through the VXLAN tunnels only if a VM is started on the host. Once a VM is started on the host your br-tun flows should be updated by the neutron-ovs-agent.

We can debug further if that does not work for you.

Useful information. Please post all the following commands after starting a VM: ovs-dpctl show ovs-vsctl show ovs-ofctl dump-flows br-tun ovs-ofctl dump-flows br-int ovs-ofctl show br-tun ovs-ofctl show br-int

Please make sure that the extension is enabled only on a single VMSwitch and only one internal switch port is added to VMSwitch.


Asked: 2016-02-23 22:55:27 +0300

Seen: 987 times

Last updated: Mar 23 '16